LogoLogo
  • WorkSpaces Manager Administration Guide for Version 6
  • Introduction
  • USER Section
    • User Dashboard
    • Change Password
  • ADMIN Section
    • Admin Dashboard
    • User Preferences
    • WorkSpaces Personal
    • WorkSpaces User Tab
    • Metrics
    • WorkSpaces Pools
    • Secure Browser
    • Users
    • Task Queue
    • Update
    • Reports
  • CONFIGURATION Section
    • Settings
      • Licensing
      • Enterprise Settings
      • Active Directory (Single or Multiple Domains)
      • WorkSpaces (Personal)
      • WorkSpaces (Secure Browser)
      • WorkSpaces (Pools)
      • Amazon Web Services
      • Remote Service Account
      • Email
      • Auto Change Compute Type
    • Schedule Rebuild
    • Schedule Start
    • Fixed Tags
    • AP Profiles
    • Custom Password Module
    • Branding
  • RESOURCES Section
    • Bundles
    • Directories
    • Regions
    • Images
    • Email Templates
  • SECURITY Section
    • Portal Users
    • Roles
  • SUPPORT Section
  • Appendices
    • Cost Optimizer Verification
    • How do I create a WorkSpace for a user?
    • Adding a single new user and creating them a WorkSpace
    • Copy an existing user and creating them a WorkSpace
    • Creating a WorkSpace from a user already in Active Directory
    • Auto-Provision by AD Group
    • Auto-Provision by Entra Group
    • Adding Another Domain
    • Multi AWS Accounts
      • Testing Multi-Accounts
      • KMS Multi-Accounts
Powered by GitBook
On this page
Export as PDF
  1. SECURITY Section

Portal Users

PreviousSECURITY SectionNextRoles

Last updated 3 months ago

Administrators are granted permissions to perform advanced actions to manage the broader WorkSpaces estate. In WorkSpaces Manager, these permissions can be granularly assigned to Portal Administrators for specific tasks.

This section allows the delegation of support roles, enabling different users to access the WorkSpaces Manager console with specific administrative rights. For example, you may assign two staff members to manage users with critical roles, where policy dictates that only they are authorized to change the reboot times for those users' WorkSpaces.

Before proceeding, ensure that the section includes an Administrator role with full permissions set up.

Adding a new Administrator

To add a new Portal administrator, click the icon on the right and select Invite User.

Enter the user's email address. An invitation email with a registration link will be sent.

The user must complete the registration process and confirm their email.

Once the registration is confirmed, go to the Portal Users page. Click on the new user and assign a role either the SuperAdmin role or a custom Admin role you’ve created.

Restricting users to Accounts, Regions or Directories

For support role delegation, you may want to restrict Portal Administrators to managing WorkSpaces in specific AWS Regions (e.g., a Support team in APAC), specific WorkSpace Directories (e.g., directories containing only Finance and Marketing users), or based on WorkSpace Tags (e.g., where the Department is 'R&D').

With this Admin Role, we've restricted the assigned users to managing WorkSpaces in the eu-west-1, eu-west-2, and eu-central-1 regions, within a specific WorkSpace Directory, and any WorkSpaces in the assigned AWS Account (with multiple options if Multi-AWS accounts are set up). They cannot manage WorkSpaces outside of these parameters (e.g., they cannot terminate or reboot a WorkSpace in us-east-1). You can add or remove Accounts, Regions, and Directories by clicking the bin icon next to them.

It’s important to note that Directories take precedence over Regions, and Accounts override both Directories and Regions.

Roles